Is your child ready to graduate from younger sites to the world of social media? Before they’re off and running, take a look at our parent’s guide to social media. It contains 5 tips to help your child have a positive experience online, while avoiding the pitfalls that can crop up. With thanks to the Family Online Safety Institute’s A Platform for Good for providing PlayWell, LLC with the forum for the discussion!
Ever since the Federal Trade Commission announced their amendments to the Children’s Online Privacy Protection Act (COPPA), the industry has been abuzz. The changes to COPPA resulted in some confusion, a few requests for more time to comply, a lot of media coverage, and in many cases, a significant amount of work to bring products into alignment. With all of that happening, it’s easy to lose sight of the fact that one of the main objectives of COPPA is simply to ensure that parents are in control of personal data that may be collected online from children under the age of 13. And for parents, it may be worth taking a look at what this is all about, and what COPPA does – and doesn’t do – to help protect your children.
What is COPPA all about?
COPPA actually went into effect in April 2000, but it was updated recently to take into account changes in online technology. The goal was and remains, to minimize the amount of personal information that websites and online services collect, use and disclose from children under the age of 13, and to ensure that parents authorize that before it happens.
Essentially, if a site or service doesn’t need certain personal data from a child in order to operate or provide a feature, the data can’t be collected. If data does need to be collected, the operator of the site or service needs to ask the child’s parent for permission first. There are some exceptions to that, but they are very limited, and the parent remains in charge.
The law is also very clear about the steps sites and services need to take to ensure that the person giving permission is the parent. In short, the more extensive the plan to use the data (for example, if the data might be posted publicly on a website), the higher the threshold is for ensuring that the person giving permission is the parent, and not the child.
What sort of information qualifies as personal?
The list is fairly comprehensive, and it includes anything that would allow us to identify the individual child. For example, a full name, email address, phone number, photo of the child or fine geolocation information would qualify, as would an IP address if it was used to track a child across the Internet to build a profile for marketing purposes.
Which sites and services must comply?
COPPA only applies to sites and online services that are directed to children or that are intended for a more general audience but that have sections specifically intended for children. So, if your child is on a site or online service that is meant for adults, with no area intended for children, the law doesn’t apply unless the operator of that site or service knows that a child is there.
What are the rights of parents under COPPA?
In addition to granting (or denying) permission for a child’s data to be collected, used or disclosed, parents also have the right to contact the operator of a site or service and ask to review what types of data the operator collects from children. Parents may also contact the operator of a site or online service and ask that their child’s personal data be deleted, and that no additional information be collected from their child. (Of course, it may be that doing so means that the child can no longer access certain features of the site, since data is only allowed to be collected when it’s needed.)
What doesn’t COPPA address?
COPPA is about data privacy and security, not physical safety or the appropriateness of the content. (While privacy is a subset of safety, it doesn’t cover it all.) COPPA is not going to keep your child safe on a site that isn’t meant for young users. So don’t allow your child to lie about their age to get onto a site that’s not meant for them. When we think about it, there are likely certain TV shows, movies and video games that you don’t allow your young child to access. Apply the same considerations to website and apps. They’re just entertainment or information on a different type of screen. And regardless of the screen, if the product isn’t meant for children, there’s likely a good reason why that’s the case.
Monitor your child’s media usage. Set rules about what content is and isn’t appropriate. Yes, there’s a lot to cover these days, but young children will appreciate the guidance and the boundaries, and you’ll be laying the foundation for good media habits as they get older. Also, take a look at the sites your children are on and the apps that they use. Be sure they’re intended for users your child’s age and that you’re comfortable with the content. And finally, have a conversation with your child about what information they should and shouldn’t share online, and then take some comfort in knowing that COPPA is supporting that too.
Are you ready? The deadline for compliance with the updated COPPA amendments has come and gone. Will your products stand up to inspection? If not, are you in the process of getting things compliant, or are you overwhelmed, struggling with where to begin?
There’s no doubt that the new COPPA amendments have set the industry abuzz and have created challenges across the board. No matter where you are with your compliance efforts, you’ll want to examine existing processes and practices and create a pathway to get into alignment. This will not only help you with the current rule, but will also help to ensure that you’re not left scrambling in the future.
Here are some tools for getting started:
Step 1: Determine your target audience
Is your product directed to children? If so, are children the primary or secondary audience? Neither? Then are there any areas within your general audience product or service that would be considered directed to children? This is something you’ll need to consider in the short term, and in the future as you update your product or service across time. Little changes can add up to big shifts in the perceived target audience, and that can impact compliance.
Step 2: Assess your product
Take a look under the hood. How was your product built? Are there social networking plug-ins? Is your revenue model dependent on ad networks? What data are you collecting, both overtly and “silently,” without involvement from the user? Do you need it all? These are critical questions, and they’re just the start. Work with your compliance team to conduct a full assessment of your products. Determine what adjustments need to be made now to get into alignment with the law. The process of gathering all of the relevant information and truly understanding your data practices takes time and some digging. When you’re done, be sure to craft the policies and practices that will help guide your teams through the regulation in the future.
This is by no means a simple or a short process. However, if done correctly, it can help to position your business to be in alignment with regulation in the future, and will give your teams the resources they’ll need to develop new products and services that are compliant from the start. It is a necessary, and ultimately cost-saving process, with results that will serve as a roadmap for your future success.